From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 30 Mar 2022 12:45:52 +0000 (+0200)
Subject: Fix being able to bypass e-mail restrictions (#17909)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=5554ff2a1d6f451d63d03f4eb0a740d8c91455de;p=mastodon.git

Fix being able to bypass e-mail restrictions (#17909)
---

diff --git a/app/models/user.rb b/app/models/user.rb
index f2d9c49eb..e25c0ddb0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -91,11 +91,11 @@ class User < ApplicationRecord
   validates :invite_request, presence: true, on: :create, if: :invite_text_required?
 
   validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
-  validates_with BlacklistedEmailValidator, on: :create
+  validates_with BlacklistedEmailValidator, if: -> { !confirmed? }
   validates_with EmailMxValidator, if: :validate_email_dns?
   validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
 
-  # Those are honeypot/antispam fields
+  # Honeypot/anti-spam fields
   attr_accessor :registration_form_time, :website, :confirm_password
 
   validates_with RegistrationFormTimeValidator, on: :create